
4.3.2 Extended File Attributes

Extended file attributes are name-value pairs that can be associated with each node in a file system. Although the POSIX.1e draft that proposed them has been withdrawn, extended file attributes are supported by many file systems. GNU tar can store extended file attributes along with the files. This feature is controlled by the following command line arguments:

--xattrs

Enable extended attributes support. When used with ‘--create’, this option instructs GNU tar to store extended file attributes in the created archive. This implies POSIX.1-2001 archive format (‘--format=pax’).

When used with ‘--extract’, this option tells tar, for each file extracted, to read stored attributes from the archive and to apply them to the file.

--no-xattrs

Disable extended attributes support. This is the default.

Attribute names are strings prefixed by a namespace name and a dot. Currently, four namespaces exist: ‘user’, ‘trusted’, ‘security’ and ‘system’. By default, when ‘--xattrs’ is used, all names are stored in the archive (with ‘--create’), but only the ‘user’ namespace is extracted (with ‘--extract’). The reason for this behavior is that the other, system-defined attributes do not come with a sufficient compatibility promise. Storing all attributes is a safe operation for archiving purposes, but extracting those (often security-related) attributes on a system other than the one where they were archived can lead to extraction failures, or even misinterpretation. This behavior can be controlled using the following options:

--xattrs-exclude=pattern

Specify exclude pattern for extended attributes.

--xattrs-include=pattern

Specify include pattern for extended attributes.

Here, the pattern is a globbing pattern. For example, the following command:

$ tar --xattrs --xattrs-exclude='user.*' -cf a.tar .

will include in the archive ‘a.tar’ all attributes, except those from the ‘user’ namespace.

Users shall check that the attributes are binary compatible with the target system before any other namespace is extracted with an explicit ‘--xattrs-include’ option.

Any number of these options can be given, thereby creating lists of include and exclude patterns.

When both options are used, ‘--xattrs-include’ is applied first to select the set of attribute names to keep, and then ‘--xattrs-exclude’ is applied to the resulting set. In other words, only those attributes will be stored whose names match one of the patterns given with ‘--xattrs-include’ and don’t match any of the patterns given with ‘--xattrs-exclude’.

When listing the archive, if both ‘--xattrs’ and ‘--verbose’ options are given, files that have extended attributes are marked with an asterisk following their permission mask. For example:

-rw-r--r--* smith/users      110 2016-03-16 16:07 file

When two or more ‘--verbose’ options are given, a detailed listing of extended attributes is printed after each file entry. Each attribute is listed on a separate line, which begins with two spaces and the letter ‘x’, indicating an extended attribute. It is followed by a colon, the length of the attribute and its name, e.g.:

-rw-r--r--* smith/users      110 2016-03-16 16:07 file
  x:  7 user.mime_type
  x: 32 trusted.md5sum
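
The include/exclude rules and the detailed listing format described above can be combined into a pre-extraction check. The following shell functions are an added example, not part of GNU tar or its manual: they read a ‘-tvv’ listing and report which attributes an extraction with the given patterns would apply. The function names, the space-separated pattern lists, the assumption that member names contain no spaces, and the second listing entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: emulates the selection rules of this section; not tar's code.

# xattr_selected NAME INCLUDES EXCLUDES -> exit 0 if NAME would be extracted.
# INCLUDES/EXCLUDES: space-separated globs, as passed to --xattrs-include and
# --xattrs-exclude. Empty INCLUDES means the extraction default, 'user.*'.
xattr_selected() {
    name=$1; incl=${2:-user.*}; excl=$3
    set -f                          # no pathname expansion while splitting
    rc=1
    for p in $incl; do
        case $name in $p) rc=0; break ;; esac
    done
    if [ "$rc" -eq 0 ]; then
        for p in $excl; do
            case $name in $p) rc=1; break ;; esac
        done
    fi
    set +f
    return "$rc"
}

# audit_listing INCLUDES EXCLUDES  (stdin: 'tar --xattrs -tvv -f ARCHIVE')
# Prints member, attribute and apply/skip, tab-separated, one line per attribute.
# Assumption: member names contain no spaces (the last field is taken as the name).
audit_listing() {
    member=
    while IFS= read -r line; do
        case $line in
            "  x:"*)
                attr=${line##* }
                if xattr_selected "$attr" "$1" "$2"; then v=apply; else v=skip; fi
                printf '%s\t%s\t%s\n' "$member" "$attr" "$v" ;;
            "  a:"*) ;;                  # ACL detail line, not an xattr
            *) member=${line##* } ;;     # file entry line
        esac
    done
}

# Listing from this section plus one constructed entry.
sample_listing() {
cat <<'EOF'
-rw-r--r--* smith/users      110 2016-03-16 16:07 file
  x:  7 user.mime_type
  x: 32 trusted.md5sum
-rwxr-xr-x* smith/users     4096 2016-03-16 16:07 tool
  x: 20 security.capability
EOF
}

sample_listing | audit_listing "" ""     # extraction default: user.* only
```

Any line reported as ‘apply’ for a namespace other than ‘user’ is one to check for compatibility with the target system before extracting.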

File access control lists (ACL) are another actively used feature proposed by the POSIX.1e standard. Each ACL consists of a set of ACL entries, each of which describes the access permissions on the file for an individual user or a group of users as a combination of read, write and search/execute permissions.

Whether or not to use ACLs is controlled by the following two options:

--acls

Enable POSIX ACLs support. When used with ‘--create’, this option instructs GNU tar to store ACLs in the created archive. This implies POSIX.1-2001 archive format (‘--format=pax’).

When used with ‘--extract’, this option tells tar to restore ACLs for each file extracted (provided they are present in the archive).

--no-acls

Disable POSIX ACLs support. This is the default.

When listing the archive, if both ‘--acls’ and ‘--verbose’ options are given, files that have ACLs are marked with a plus sign following their permission mask. For example:

-rw-r--r--+ smith/users      110 2016-03-16 16:07 file

When two or more ‘--verbose’ options are given, a detailed listing of the ACL is printed after each file entry:

-rw-r--r--+ smith/users      110 2016-03-16 16:07 file
  a: user::rw-,user:gray:-w-,group::r--,mask::rw-,other::r--

Security-Enhanced Linux (SELinux for short) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including so-called mandatory access controls (MAC). Support for SELinux attributes is controlled by the following command line options:

--selinux

Enable the SELinux context support.

--no-selinux

Disable SELinux context support.



This document was generated on August 23, 2023 using texi2html 5.0.